Gaming system file authentication

ABSTRACT

A gaming system utilizes watermarks in files to provide file authentication. In one embodiment, the files contain images or video clips. Selected frames of such images or video clips contain a watermark, which is compared to a key stored in the gaming system. The key may be stored in a non-volatile random access memory in the gaming system. In one embodiment, the memory is not modifiable by a customer.

RELATED APPLICATIONS

This application claims priority under 35 U.S.C. 119(e) from U.S.Provisional Application Ser. No. 60/694,056 filed Jun. 24, 2005, andfrom U.S. Provisional Application Ser. No. 60/711,510 filed Aug. 26,2005, both of which applications are incorporated herein by reference.

COPYRIGHT

A portion of the disclosure of this patent document contains material towhich the claim of copyright protection is made. The copyright owner hasno objection to the facsimile reproduction by any person of the patentdocument or the patent disclosure, as it appears in the U.S. Patent andTrademark Office file or records, but reserves all other rightswhatsoever. Copyright 2006, WMS Gaming, Inc.

FIELD

The present invention related to gaming systems, and in particular tofile authentication in a gaming system.

BACKGROUND

Gaming devices are highly regulated to ensure that they are operatingproperly, and within regulation. Many jurisdictions required that allgaming devices which have control programs residing in one or moreconventional read only memory (ROM) devices must employ a mechanism toverify control programs and data. The mechanism used must detect atleast 99.99 percent of all possible media failures. If these programsand data are to operate out of volatile random access memory (RAM), theprogram that loads the RAM must reside on and operate from aConventional ROM Device.

Gaming devices having control programs or data stored on memory devicesother than conventional ROM devices may need to employ a mechanism thatverifies that all control program components, including data and graphicinformation, are authentic copies of the approved components. Tests maybe required to verify that components are approved components. Theverification mechanism must have an error rate of less than 1 in 10 tothe 38th power and must prevent the execution of any control programcomponent if any component is determined to be invalid. Any programcomponent of the verification or initialization mechanism must be storedon a conventional ROM device that must be capable of beingauthenticated.

A method used for authentication should employ a mechanism which testsunused or unallocated areas of any alterable media for unintendedprograms or data and tests the structure of the storage media forintegrity. The mechanism must prevent further play of the gaming deviceif unexpected data or structural inconsistencies are found.

Any gaming device executing control programs from electrically erasableor volatile memory must employ a mechanism that ensures the integrity ofall control program components residing therein, including fixed dataand graphic information and ensures that they are authentic copies ofthe approved components. Additionally, control program components,excluding graphics and sound components, must be fully verified at thetime of loading into the electrically erasable or volatile memory andupon any significant event, including but not limited to door closings,game resets, and power up. The mechanism must prevent further play ofthe gaming device if an invalid component is detected.

These types of mechanisms can make it difficult to quickly modify gamingcontent in gaming machines. They can require the presence of atechnician each time a game is updated or changed on a gaming device,which can lead to delays in updating games, introducing new games, andadd to down time for gaming machines.

SUMMARY

A gaming system utilizes watermarks in files to provide fileauthentication. In one embodiment, the files may contain images, videoclips, audio clips, executable code and other information. Selectedportions of the files, such as frames of images or video clips contain awatermark, which is compared to a key stored in the gaming system. Thekey may be stored in a non-volatile random access memory in the gamingsystem or remotely. In one embodiment, the memory is not modifiable by acustomer.

In further embodiments, a watermark may be spread across multipleframes, or may occur in one frame in 30 to 50 frames, corresponding toabout one second or more of video. The watermark may change from frameto frame. In one embodiment, a selected number of different watermarksare used, and rotated. The location of the watermark within a portion ofa file may be changed randomly from file to file, and may also coveronly a portion of the file.

In one embodiment, the watermark is encrypted, and is decrypted as it isread by the gaming system during normal operation or boot. The decryptedwatermark is then compared to the key. In a further embodiment, the fileis authenticated in real time, as the frames are read, as opposed toauthenticating the entire file prior to beginning to display the frames.

DESCRIPTION OF THE DRAWING

FIG. 1 is a block diagram of a gaming machine according to an exampleembodiment.

FIG. 2A is a block diagram illustrating embedding of watermarks inframes of audio/video files according to an example embodiment.

FIG. 2B is a block diagram illustrating authentication of framescontaining watermarks according to an example embodiment.

FIG. 3 is a block diagram illustration of partitions of a disk drivecontaining files according to an example embodiment.

FIG. 4 is a block diagram illustration of compact flash game cardaccording to an example embodiment.

FIG. 5 is a flow chart illustration of post boot authentication of awatermark database according to an example embodiment.

FIG. 6 is a flow chart illustrating continuous authentication of fileframes as frames are displayed according to an example embodiment.

FIG. 7 is a block diagram illustration of a compact flash game cardaccording to a further example embodiment.

FIG. 8 is a flow chart illustrating installation on a hard disk driveaccording to an example embodiment.

FIG. 9 is a block diagram illustration of partitions of a disk drivecontaining files according to a further example embodiment.

FIG. 10 is a block diagram illustration of compact flash game cardaccording to a further example embodiment.

FIG. 11 is a flowchart illustration of verification of a hard disk driveauthorization table according to an example embodiment.

DETAILED DESCRIPTION

In the following description, reference is made to the accompanyingdrawings that form a part hereof, and in which is shown by way ofillustration specific embodiments which may be practiced. Theseembodiments are described in sufficient detail to enable those skilledin the art to practice the invention, and it is to be understood thatother embodiments may be utilized and that structural, logical andelectrical changes may be made without departing from the scope of thepresent invention. The following description is, therefore, not to betaken in a limited sense, and the scope of the present invention isdefined by the appended claims.

The functions or algorithms described herein are implemented in softwareor a combination of software and human implemented procedures in oneembodiment. The software comprises computer executable instructionsstored on computer readable media such as memory or other types ofstorage devices. The term “computer readable media” is also used torepresent carrier waves on which the software is transmitted. Further,such functions correspond to modules, which are software, hardware,firmware or any combination thereof. Multiple functions are performed inone or more modules as desired, and the embodiments described are merelyexamples. The software is executed on a digital signal processor, ASIC,microprocessor, or other type of processor operating on a computersystem, such as a personal computer, server or other computer system.

As used herein, the term casino game or gaming device encompasses,without limitation, slot machines, video poker machines, roulettetables, poker tables, craps tables and any other game of chance offeredby a gaming establishment wherein for example the game qualifies asregulated and/or licensed gaming equipment.

A typical gaming system is first described, followed by a description ofthe use of watermarks in frames of audio, video and/or still imagescontained in a file. The watermarks may be used to authenticate theframes in real time by comparing them to a key stored on the gamingsystem, allowing faster initial display of the frames. Watermarks mayalso be used in other types of files, such as executable files and datafiles.

As illustrated in FIG. 1, the gaming device 100 includes a coin slot 102and bill acceptor 124. Players can place coins in the coin slot 102 andpaper money or ticket vouchers in the bill acceptor 124. Other devicescan be used for accepting payment. For example, credit/debit cardreaders/validators can be used for accepting payment. Additionally, thegaming device 100 can perform electronic funds transfers and financialtransfers to procure monies from house financial accounts. When a playerinserts money in the gaming device 100, a number of creditscorresponding to the amount deposited is shown in a credit display 106.After depositing the appropriate amount of money, a player can beginplaying the game by pulling an arm or by pushing a play button. The playbutton can be any play activator used by the player to start a game orsequence of events in the gaming device 100.

As shown in FIG. 1, the gaming device 100 also includes a bet display112 and a “bet one” button. The player places a bet by pushing the betone button. The player can increase the bet by one credit each time theplayer pushes the bet one button. When the player pushes the bet onebutton, the number of credits shown in the credit display 106 decreasesby one, and the number of credits shown in the bet display 112 increasesby one.

A player may “cash out” by pressing a cash out button 116. When a playercashes out, the gaming device 100 dispenses a number of coins,corresponding to the number of remaining credits, into the coin tray118. The gaming device 100 may employ other payout mechanisms such ascredit slips, which are redeemable by a cashier, or electronicallyrecordable cards, which track player credits.

The gaming device 100 also includes one or more display devices. Theembodiment shown in FIG. 1 includes a primary display unit 104 and asecondary display unit 126. In one embodiment, the primary display unit104 displays a plurality of reels 120. In one embodiment, the gamingdevice displays three reels, while an alternative embodiment displaysfive reels. In one embodiment, the reels are in video form. According toembodiments of the invention, the display units can display any visualrepresentation or exhibition, including moving physical objects (e.g.,mechanical reels and wheels), dynamic lighting, and video images. In oneembodiment, each reel 120 includes a plurality of symbols such as bells,hearts, fruits, numbers, letters, bars or other images, which correspondto a theme associated with the gaming device 100. Furthermore, as shownin FIG. 1, the gaming device 100 includes a primary sound unit 128 and asecondary sound unit 130. In one embodiment, the primary and secondarysound units include speakers or other suitable sound projection devices.

FIG. 2A is a block flow diagram 200 of a digital watermarking techniquethat introduces changes to video, image and audio data that areimperceptible to the human eye or ear but easily recoverable by acomputer program. Generally, the watermark is a number. The locations inthe data where the watermark is embedded are determined by a key, whichmay also contain a number matching the watermark to verify that the datacontains the correct watermark. An original audio/video file isindicated at 210, and is provided to a watermark embedding program 220.A key 230 is also provided for each watermark. The embedding algorithmuses the key to determine which bits of a frame of the audio/video fileto modify, resulting in a marked audio/video file 240.

FIG. 2B is a block diagram of a gaming system 250 that utilizeswatermarks on audio/video frames in a file. Marked audio/video files 240are provided to a decoding algorithm 255, which also provides a key 230for each marked frame in the file. The decoding algorithm 255 extractsthe watermarks from the frames and uses the key to verify that frames inthe files contain the correct watermarks. Frames that pass theverification are shown at 260, and are available for display by thegaming system 250. If the end of the file, such as a movie, has not beenreached at 265, the next frame is extracted and verified at 255. If aframe is found not to contain the proper watermark, the gaming system,such as a gaming machine halts execution at 270.

In one embodiment, a commercial software product is used to insertwatermarks into selected frames of files, such as audio/video files. Onewatermark may be inserted into each frame, or selected frames, such asevery 30^(th) to 50^(th) frame, corresponding to one or more seconds ofaudio video when viewed by a user. The watermark may be the same ordifferent for each frame, or may comprise a sequence of watermarks thatmay be repeated, or randomized. Keys are stored on the gaming system,such as in a compact flash read only card that is inserted into thegaming system. The keys should match up with the watermarks. The keysmay identify locations in the frames where watermark numbers are placed,and also contains an identifier of the watermark, such as a sequence ofmatching numbers. In some embodiments, the watermark is encrypted, andwhen read, is decrypted prior to matching it to the number sequence inthe corresponding key. The watermark may alternatively be digitallysigned, with the signature verified prior to matching it.

During operation of a game, as audio/video frames are read, they arechecked to ensure they contain the proper watermark. In one embodiment,an incorrect watermark may place the game in a halt state, showing acall attendant message on the screen. Normal operation is not possiblewithout intervention by an attendant. In further embodiments, twoconsecutive incorrect watermarks may be detected prior to the game beingplaced in the halt state. In still further embodiments, a selectednumber of incorrect watermarks in a sequence of a predetermined numberof watermarks. One example would be two out of three watermarks beingincorrect, or two out of four or five watermarks being incorrect. Thiswould allow for software and disk drive errors without prematurelyhalting a game. Many other examples of a percentage of incorrectwatermarks may be envisioned to allow for an acceptable error ratewithout unnecessarily disrupting the user of a game. In furtherembodiments, a small percentage of files on boot or continuously duringoperation of the gaming system are checked for proper watermarking.Portions of files containing watermarks may be randomized from file tofile.

FIG. 3 is a block diagram of a storage device 300 for the gaming system.In one embodiment, the storage device comprises a hard disk drive thathas been formatted into three partitions. A first partition containsgraphics files 310, and may be a read only partition, meaning that auser is not allowed to write to the partition. In other words, the usermay not modify information contained on the partition. A secondpartition contains sound files 320 and may also read only. A thirdpartition is filled with zeros at 330, or other predeterminedinformation to indicate that it is not used. Such information allows thegaming system to determine that the partition has not been modified, asit is also a read only partition. Read/write drives may also be used infurther embodiments.

A compact flash memory card is shown at 400 in FIG. 4. The compactflash, or CF, contains game executables at 410, a sound operating system420, common sound banks 430, watermark database 440, manifest filecontaining a file signature table (FST) 450, and a digital signature 460for the whole device. Watermark database 440 contains a key pattern usedfor comparison on each unique audio/video file contained in the harddrive 300, as well as each file size in one embodiment.

When the gaming system is booted up, a post boot authentication processshown at 500 in FIG. 5 is executed by the gaming system. At 505, thegame compact flash, CF, is initialized and verified at 510. Ifverification fails, the process is stopped at 515. If successfullyverified, the watermark database represented at 520 is verified at 525.The hard drive status is checked at 530. For systems not requiring ahard drive, the system will verify that the hard drive is not installedby trying a read/write. An error will indicate that the hard drive isnot present, while no error will indicate the presence of the harddrive. This will place the system in a fault state showing a callattendant message on the display screen, and normal operation is notpossible without intervention by an attendant. This state is representedat 515.

If the hard drive is present, a read only check is performed at 535 toensure that the drive is in the proper read only state. Followingsuccessful checking of the CF, watermark database and hard drive readonly status, each file is opened in succession on the hard drive at 540.If a file is found at 545, it is verified at 550 using the watermarksstored in the watermark database. In one embodiment, approximately 15%of the files are verified at 555 to save time. Other percentages of fileverification may be used in further embodiments, either higher or lowerdepending on the level of assurance of verification desired. If the lastfile is found at 560, the post boot authentication process is exited andthe gaming system continues with other processes at 565.

During normal operation of the game, such as when the game is selectedby a user or casino customer, watermark authentication of eachaudio/video file is performed in real time as illustrated at 600 in FIG.6. The hard drive 605 is verified as read only at 610. If not read only,the process is stopped at 615, and the game is placed in a halt state,showing a call attendant message on the screen. Normal operation is notpossible without intervention by an attendant. Files are then opened at620 and verified at 625 as being of proper size. Frames in a file arethen verified at 630, using the watermark in the frame, and the key fromthe watermark database. If verified or authenticated at 630, the frameis used during playing of the game at 635. If the end of the file hasnot been reached at 640, the next frame is verified at 630. Theauthentication process continues while the game is being played.

In further embodiments, gaming system is coupled to a network. A remotenetwork component may be used to store a watermark database. Results maybe retrieved from this database when checking watermarks on files storedon gaming system. The remote network component may generate on demandrequests to the gaming system for authentication of the watermarks ofthe entire gaming system, or a selected portion of the gaming system,such as a single file, portion of a file, disk drive or other portion ofthe gaming system.

An installation to hard drive method utilizes a game CF as shown in FIG.7. The game CF comprises multiple sections, including compressed filesto be installed to hard drive section 710, game executables 720, soundoperating system 730, watermark database 740, manifest file containingFST 750 and digital signature for the whole device 760.

The method for installation to hard drive is shown at 800 in FIG. 8.Installation in one embodiment occurs when a RAM CLEAR is performed.After the RAM CLEAR, the system starts by initializing the BOOT CF at802. It is verified at 804, and if not verified, the process stops at806 and places the game in a halt state, showing a call attendantmessage on the screen. Normal operation is not possible withoutintervention by an attendant.

Following verification of the BOOT CF, the game CF is initialized at 808and verified at 810. The system then asks for a write protect jumper tobe installed at 812. Alternatively, a write enable jumper may be used,such that when added, writing is enabled, and when removed, writing isdisabled. Installation is verified as having been done at 814, and thehard drive is formatted and partitioned at 816. This will be done inthree partitions as shown in FIG. 3. A full installation is performedonto the hard drive. In one embodiment, it is formatted with full sectorchecking during installation at a factory, such that checking for badsectors may not be required during the current installation. This allowsfor a faster formatting process.

Following formatting and partitioning, the compressed file from the gameCF is obtained at 818 and verified at 820. The watermark database isthen retrieved at 822 and verified at 824. Then the compressed file isdecompressed at 826, and files are verified at 828. Again, in oneembodiment, since the files may be very large, a partial authenticationof approximately 15% of the files is performed. If the last file has notbeen processed at 830, the next file is obtained, decompressed andverified until all have been processed. The authentication is performedusing the watermark database, which has been verified using a hashingalgorithm on the game CF card. The watermark database also contains asize of each file to be tested in one embodiment. In a furtherembodiment, a file may contain a watermark corresponding to only aportion, such as a small percentage of the file as opposed to the entirefile. The location of the portion in each file may be randomized to makethe verification process less predictable. More than one watermark maybe used on any particular frame or file if desired.

At 832, the system prompts for removal of the write protect jumper, andverifies such removal at 834. A game configure is then started at 836,by performing a power-restart. At this time initial settings of the gamemachine will be configured. Once this is done, the game is ready toplay.

In a further embodiment, the contents of the hard disk drive and CF areindicated at 900 and 1000 in FIGS. 9 and 10 respectively. The drive 900or other type of storage device is read only in one embodiment, and hasfour partitions. Graphics files are in a first partition at 910. Soundfiles are in partition 920. A read/write area in partition 930 containsa hard disk drive authorization table, and a fourth partition 940 isused for the remaining portion of the drive that is not needed, and isfilled with zeros.

CF 1000 contains game executables 1010, a sound operating system 1020,common sound banks 1030, a watermark database containing a hard diskdrive encryption key 1040, a manifest file containing a FST 1050, and adigital signature for the entire device at 1060. The watermark databasecontains the key pattern used for comparison on each unique audio/videofile contained on the hard drive, as well as each file size.

The hard disk drive authorization table may contain the file name,date/time created, file information such as type and validationtechnique, and an indication of whether the file is closed or notclosed. Once a file is written to the hard drive, it becomes closed. Ifanything happens to the machine while writing to the hard drive, thefile is considered not closed. Any not closed file will have a time/datestamp written to the hard disk drive authorization error log table. Theauthorization table may be encrypted to the hard drive encryption key.The file may be displayable through an operator menu of a game.

The hard drive encryption key will verify that the hard disk driveauthorization table exists and may be used to verify that all files arecontained in the authorization table. In the event of a failedauthentication, the device will enter an error condition.

If a file is found in the hard disk drive authorization error log tablethat is not critical, such as files that do not affect game play,operation, or outcome, the file in question is deleted from the harddrive and a time/date stamp is written into the authorization error logtable. Once the authorization error log table is cleared, verificationof the authorization table is performed before returning to the game.Critical files, such as those that affect game play, operation, oroutcome require operator intervention.

If further authentication of the authorization table is required, thetable may be made redundant. In one embodiment, it may be set up withtwo equal sized partitions, keeping identical copies of the data. Atregular intervals in each partition are special numbers, calledchecksums. When power is re-supplied to a game terminal, the checksumsare recomputed and compared to the values stored. A hash algorithm mayalso be used to produce a message digest, or some other algorithm thatproduces a result which can be compared to verify the data is what isexpected. If one partition is found to have errors, a recover attemptmay be made by copying the good partition to the partition with anerror. After copying, another result may be calculated and ifsuccessful, the game is allowed to continue.

A random check of partition four at 940 may be performed to ensure thatzeros are found in different locations. If there is any authenticationfailure, the system starts up in a fault state showing a call attendantmessage on the screen, and normal operation is not possible withoutintervention by an attendant.

FIG. 11 illustrates the above summarized use of the authorization table.At 1102, the game CF is initialized and verified at 1104. Ifverification is not successful, the game is stopped at 1106. The same istrue for further verification steps shown in FIG. 11. The hard drivestatus is checked at 1108. Read write status is verified at 1110 and ifnot proper for each partition, the game is stopped at 1106. Otherwise,the hard disk drive encryption key is read at 1112 and verified at 1114.If properly verified, the authorization file is read at 1116 andverified at 1118. If properly verified, each file is checked to see thatit exists at 1120 and then the files in the authorization table areopened at 1122. If the last file has been read, as indicated at 1124,files in the authorization error log table are opened at 1126. If a filewas not correctly deleted, it is automatically deleted at 1130, and theauthorization error log table file is updated. Processing then proceedsback to 1120, where each file in the authorization table is opened.

If the error file was correctly deleted at 1128, a check is made to seeif it was the last error file at 1132. Each file is checked in a loopincluding 1128 and 1132 until the last file has been checked asindicated at 1132. The game is then allowed to continue at 1134.

In this embodiment, continuous run time authentication occurs in amanner similar to that illustrated in FIG. 6.

1. A gaming machine implemented method comprising: reading a frame froma file; extracting a watermark from the frame; and comparing theextracted watermark to a key to authenticate the frame.
 2. The method ofclaim 1 wherein the file comprises audio/video information stored on thegaming machine.
 3. The method of claim 1 wherein a frame or filecontains more than one watermark.
 4. The method of claim 1 wherein thefile comprises multiple audio/video frames, and wherein every nth framecontains a watermark, wherein n ranges between approximately 30 to 50.5. The method of claim 1 wherein authentication is performedcontinuously while reading frames from a file.
 6. The method of claim 5and further comprising outputting frames from the files to users of thegaming machine as selected frames are authenticated.
 7. The method ofclaim 1 and further comprising stopping execution of a game when anextracted watermark does not successfully compare to a correspondingkey.
 8. The method of claim 1 wherein a small percentage of files areauthenticated during a boot of the gaming machine.
 9. The method ofclaim 1 wherein at least one frame from each file is authenticated onboot or continuous running of the gaming machine.
 10. The method ofclaim 9 wherein the location of a watermark in a file is randomized fromfile to file.
 11. A method of authenticating a file in a gaming system,the method comprising: reading multiple frames from the file; extractinga watermark from one of the frames; comparing the extracted watermark toa key stored on the gaming system to authenticate the frame.
 12. Themethod of claim 11 wherein a watermark is stored in one of approximatelythirty consecutive frames.
 13. The method of claim 11 wherein frameshave different watermarks.
 14. The method of claim 13 wherein thedifferent watermarks comprise a sequence of different watermarks thatare repeated.
 15. The method of claim 11 wherein the watermark isencrypted, and wherein extracting the watermark further comprisesdecrypting the watermark.
 16. The method of claim 11 wherein the key isstored on a memory device that is not accessible to users of the gamingsystem.
 17. A computer readable medium having instructions encodedthereon for execution by a gaming machine for implementing a methodcomprising: reading a frame from a file; extracting a watermark from theframe; and comparing the extracted watermark to a key to authenticatethe frame.
 18. The method of claim 17 wherein a file contains multipleframes, and wherein a watermark is stored in one of approximately thirtyconsecutive frames.
 19. The method of claim 17 wherein the watermark isencrypted, and wherein extracting the watermark further comprisesdecrypting the watermark.
 20. The method of claim 17 wherein the key isstored on a memory device that is not accessible to users of the gamingsystem.
 21. A computer readable medium having code for execution on agaming system, the medium comprising: a file having multiple framescontaining images for display on the gaming system, selected frameshaving watermarks corresponding to keys stored on the gaming system,wherein the gaming system extracts the watermarks from the selectedframes and compares them to the keys for authentication of the frames inreal time.
 22. A gaming machine comprising: a storage device having aread only audio/video file containing multiple frames of audio/videoinformation, selected frames having a watermark; a read only memorydevice having keys corresponding to watermarks in the selected frames;and an authentication module that when executed by the gaming machine,authenticates the selected frames by comparing the watermarks to thekeys while outputting the frames to the user.
 23. The gaming machine ofclaim 22 wherein the storage device comprises a hard disk drive and thememory device comprises a game compact flash card.
 24. A gaming machineimplemented method comprising: reading data from a file; extracting awatermark from the data; and comparing the extracted watermark to a keyto authenticate the file.
 25. The gaming machine implemented method ofclaim 24 wherein the data read from the file is selected from the groupconsisting of audio, video, still image, executable code, andinformation stored on the gaming machine.
 26. The gaming machineimplemented method of claim 24 wherein a frame or file contains morethan one watermark.
 27. The gaming machine implemented method of claim24 wherein a small percentage of files are authenticated during a bootof the gaming machine.
 28. The gaming machine implemented method ofclaim 24 wherein multiple files in the gaming system are authenticated,and wherein the location of the watermarks in files is randomized fromfile to file.